Data Breaches – What are your obligations as a business?

You will have seen many reports about data breaches in Australia and around the world. Obviously, you want to keep your and your customers’ private data secure. However, do you know your obligations?

An important change occurred on February 22, 2018, when the Notifiable Data Breaches (NDB) scheme came into effect.

The Notifiable Data Breaches (NDB) scheme falls under the Privacy Act 1988 and sets out the responsibilities of entities responding to a data breach. Organisations are obliged to notify the affected individuals whenever a data breach is likely to result in "serious harm" to any individual whose personal information is involved in the breach. Serious harm includes physical, psychological, emotional, financial and reputational harm. The Australian Information Commissioner must also be notified of eligible data breaches.

What is a data breach?

A data breach occurs when there is unauthorised access to, unauthorised disclosure of, or loss of personal information. Examples of data breaches include:

  • Data or records containing customers' personal information are lost or stolen
  • A database containing personal records is hacked (the recent PageUp breach)
  • A cyber-attack that results in personal information being disclosed
  • Personal information is mistakenly provided to the wrong person
  • Employees browsing sensitive customer records without any legitimate purpose

Who must comply with the NDB scheme?

  • Agencies and organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.
  • Agencies and organisations that already have obligations under the Privacy Act 1988 to secure personal information.
  • Entities that have Privacy Act obligations in relation to particular types of information only (for example, small businesses that are required to secure tax file number information) do not need to notify data breaches that affect other types of information outside the scope of their obligation.
  • Regulated credit providers (banks or other credit providers).

A preparatory checklist

The following steps will help organisations comply with the notifiable data breach regime.

  • Conduct an information security audit (and fix any issues)
  • Establish a data breach response team (in-house or outsourced)
  • Create (or update) and test your data breach response plan
  • Update your internal cyber security policies and train staff
  • Review key contracts with third party service providers

Chill IT manages the Essential Eight for clients: the Australian Cyber Security Centre's prioritised list of mitigation strategies to protect systems and data against cyber attacks.

References

  • oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
  • acsc.gov.au/publications/protect/essential-eight-explained.htm

Website Security

Read the weekly blog from our friends at Chill IT...

As of Wednesday July 25th 2018, Google has begun rolling out Chrome 68, which flags all sites not served over the HTTPS scheme as being “not secure”.

This means that, without SSL, you are likely to lose customers from your website in an environment where hacking and digital fraud are a concern. To ensure your website is not negatively affected you will need an SSL certificate associated with your domain so it can be served over HTTPS and show the padlock symbol that marks it as a trusted website.

HTTPS means your website has a secure way of transmitting data. A connection secured by a certificate from a trusted certificate authority is encrypted end-to-end, ensuring the data communicated is always protected, while standard HTTP sites send plain text during transmission.

An SSL certificate is extremely important both to protect your customers' data and to protect your image; it guarantees content integrity and the ability to detect tampering. Google rankings already favour sites with the HTTPS protocol in place.

Google is implementing harsher measures in the near future: Google Chrome version 70 is due for release worldwide in mid-October with additional policy changes to SSL certificates.

The changes will mean some current SSL certificates will no longer be trusted in Chrome's latest version; if no action is taken, an error page will appear before the website can be viewed. Given the large number of sites affected, we strongly suggest you contact your IT provider to ensure your site is not affected.

For those of a more technical nature, here is more information on SSL certificates:

What is an SSL certificate, and how does it work?

SSL (Secure Sockets Layer) is a way to confirm your site is secure. Essentially it is a digital passport providing authentication to protect the confidentiality and integrity of the website's communication with browsers.

The authentication process follows these steps:

  • A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
  • The web server sends the browser/server a copy of its SSL certificate.
  • The browser/server checks whether it trusts the SSL certificate. If so, it sends a message to the web server.
  • The web server sends back a digitally signed acknowledgement to start an SSL-encrypted session.
  • Encrypted data is then exchanged between the browser/server and the web server.
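The trust decision in the third step is what the padlock (and the "not secure" flag) depends on. The following is an added example, not code from the post or from Chill IT, that performs the same checks a browser applies to the certificate a site presents: validity window, whether the certificate was issued for your domain (including one-label wildcard coverage), and, in the live check, whether the chain is trusted by the system's trust store. The host name `www.example.com`, the dates and the `SAMPLE_CERT` dictionary are constructed sample values.

```python
import socket
import ssl
import time

def san_matches(hostname, san_names):
    """True if a DNS subjectAltName covers hostname; a leading wildcard
    matches exactly one label, the way browsers apply it."""
    host = hostname.lower().rstrip(".")
    for kind, name in san_names:
        if kind != "DNS":
            continue
        name = name.lower()
        if name.startswith("*."):
            base = name[2:]
            if host.endswith("." + base) and host.count(".") == base.count(".") + 1:
                return True
        elif name == host:
            return True
    return False

def certificate_problems(cert, hostname, now_epoch=None):
    """List the problems with a certificate in getpeercert() dict layout; an
    empty list means it is inside its validity window and covers hostname."""
    now = time.time() if now_epoch is None else now_epoch
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid until " + cert["notBefore"])
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired on " + cert["notAfter"])
    if not san_matches(hostname, cert.get("subjectAltName", ())):
        problems.append("not issued for " + hostname)
    return problems

def check_site(hostname, port=443):
    """Live check against the system trust store: an untrusted chain or a
    name mismatch fails the handshake itself, as it would in Chrome."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return certificate_problems(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as err:
        return ["verification failed: " + err.verify_message]

# Constructed sample in getpeercert() layout, not a real certificate.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Dec 31 23:59:59 2018 GMT",
}
```

Running `check_site("your-domain.example")` against your own site reports an empty list when the certificate passes the same checks Chrome performs, and the reason otherwise.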
